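/**
  * Authenticate a user against the database of the selected site and,
  * on success, populate $_SESSION['user'], $_SESSION['ver'] and
  * $_SESSION['lang'].
  *
  * @param stdClass $params Request object carrying authUser, authPass,
  *                         choiseSite and lang.
  * @return array{success:bool, error?:string} 'success' => true on a
  *         matching, authorized user; otherwise 'success' => false plus a
  *         user-facing 'error' message. (Every path returns an array; the
  *         previous @return int was wrong.)
  */
 public function login(stdClass $params)
 {
     //-------------------------------------------
     // Reject a username longer than the field
     // allows. The logon form enforces this
     // limit, so a longer value did not come
     // through the form.
     //-------------------------------------------
     if (strlen($params->authUser) >= 26) {
         return array('success' => false, 'error' => 'Possible hack, please use the Logon Screen.');
     }
     //-------------------------------------------
     // Same length check for the password field.
     //-------------------------------------------
     if (strlen($params->authPass) >= 11) {
         return array('success' => false, 'error' => 'Possible hack, please use the Logon Screen.');
     }
     //-------------------------------------------
     // Blank username / password checks (falsy
     // test kept as before, so '0' is also
     // rejected).
     //-------------------------------------------
     if (!$params->authUser) {
         return array('success' => false, 'error' => 'The username field can not be in blank. Try again.');
     }
     if (!$params->authPass) {
         return array('success' => false, 'error' => 'The password field can not be in blank. Try again.');
     }
     //-------------------------------------------
     // The site name chooses a directory under
     // ../sites/ whose conf.php is then included,
     // so it must be a bare directory name: no
     // path separators, no '.'/'..', no NUL byte.
     // Only a valid name is stored in the session.
     //-------------------------------------------
     $site = isset($params->choiseSite) ? (string) $params->choiseSite : '';
     if ($site === '' || $site === '.' || $site === '..'
         || strpos($site, "\0") !== false || basename($site) !== $site) {
         return array('success' => false, 'error' => 'Invalid site selected.<br>Please contact support.');
     }
     $_SESSION['site']['site'] = $site;
     $fileConf = "../sites/" . $site . "/conf.php";
     if (!file_exists($fileConf)) {
         return array('success' => false, 'error' => 'No configuration file found on the selected site.<br>Please contact support.');
     }
     // conf.php is expected to provide the AES key read below
     // ($_SESSION['site']['AESkey']) and the dbHelper connection settings;
     // its contents are not visible here — confirm against ../sites/<site>/conf.php.
     /** @noinspection PhpIncludeInspection */
     include_once $fileConf;
     $mitos_db = new dbHelper();
     $err = $mitos_db->getError();
     // dbHelper::getError() is not visible here; the existing convention is
     // that anything other than an array means the connection failed.
     if (!is_array($err)) {
         return array('success' => false, 'error' => 'For some reason, I can\'t connect to the database.');
     }
     //-------------------------------------------
     // Passwords are stored AES-encrypted (a
     // reversible transform, not a one-way hash)
     // and matched by encrypting the supplied
     // password with the site key. NOTE(review):
     // password_hash()/password_verify() would be
     // the usual choice, but switching requires a
     // migration of the users table, so it is kept.
     //-------------------------------------------
     $aes = new AES($_SESSION['site']['AESkey']);
     $ret = $aes->encrypt($params->authPass);
     //-------------------------------------------
     // Username & password match. The literal
     // values in this query appear as '******' in
     // this listing; presumably the username and
     // $ret are interpolated there — if so, they
     // should be bound as parameters if dbHelper
     // supports it, since authUser is untrusted.
     //-------------------------------------------
     $mitos_db->setSQL("SELECT id, username, fname, mname, lname, email\n                         FROM users\n        \t\t        WHERE username   = '******'\n        \t\t          AND password   = '******'\n        \t\t          AND authorized = '1'\n        \t\t        LIMIT 1");
     $rec = $mitos_db->fetch();
     // fetch() returning a non-array (no row) or an empty username both mean
     // the credentials did not match; strict comparison avoids the loose
     // == null test, and the is_array guard avoids an offset-on-bool notice.
     if (!is_array($rec) || !isset($rec['username']) || $rec['username'] === '') {
         return array('success' => false, 'error' => 'The username or password you provided is invalid.');
     }
     //-------------------------------------------
     // The session is about to become
     // authenticated, so issue a fresh session id
     // first (session fixation defence). Guarded
     // so a CLI/test call without a session does
     // not emit a warning.
     //-------------------------------------------
     if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     //-------------------------------------------
     // Change some User related variables and go
     //-------------------------------------------
     // 'title' is not in the SELECT list above; the original indexed it
     // unconditionally (undefined-index notice, rendered as ''), so guard it.
     $title = isset($rec['title']) ? $rec['title'] : '';
     $_SESSION['user']['name'] = $title . " " . $rec['lname'] . ", " . $rec['fname'] . " " . $rec['mname'];
     $_SESSION['user']['id'] = $rec['id'];
     $_SESSION['user']['email'] = $rec['email'];
     $_SESSION['user']['auth'] = true;
     //-------------------------------------------
     // Also fetch the current version of the
     // Application & Database. An empty version
     // table leaves the entries null instead of
     // raising notices.
     //-------------------------------------------
     $mitos_db->setSQL("SELECT * FROM version LIMIT 1");
     $rec = $mitos_db->fetch();
     $ver = is_array($rec) ? $rec : array();
     $_SESSION['ver']['codeName'] = isset($ver['v_tag']) ? $ver['v_tag'] : null;
     $_SESSION['ver']['major'] = isset($ver['v_major']) ? $ver['v_major'] : null;
     $_SESSION['ver']['rev'] = isset($ver['v_patch']) ? $ver['v_patch'] : null;
     $_SESSION['ver']['minor'] = isset($ver['v_minor']) ? $ver['v_minor'] : null;
     $_SESSION['ver']['database'] = isset($ver['v_database']) ? $ver['v_database'] : null;
     $_SESSION['lang']['code'] = isset($params->lang) ? $params->lang : null;
     return array('success' => true);
 }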
                 array_push($rows, $row);
             }
             break;
         case "insuranceNumbers":
             break;
         case "x12Partners":
             break;
     }
     print_r(json_encode(array('totals' => $total, 'row' => $rows)));
     exit;
 case 'POST':
     // *************************************************************************************
     // Get last "id" add 1 and use $new_id to insert the new data
     // *************************************************************************************
     $mitos_db->setSQL("SELECT id FROM pharmacies ORDER BY id DESC");
     $prec = $mitos_db->fetch();
     $mitos_db->setSQL("SELECT id FROM insurance_companies ORDER BY id DESC");
     $irec = $mitos_db->fetch();
     $new_id = max($prec['id'], $irec['id']) + 1;
     // *************************************************************************************
     // Validate and pass the POST variables to an array
     // This is the moment to validate the entered values from the user
     // although Sencha EXTJS make good validation, we could check again
     // just in case
     // *************************************************************************************
     switch ($_GET['task']) {
         case "pharmacy":
             $row['id'] = $new_id;
             $row['name'] = $data['name'];
             $row['transmit_method'] = $data['transmit_method'];
             $row['email'] = $data['email'];
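$data = $foo['row'];
// Paging parameters come straight from the request and are interpolated
// into the SQL LIMIT clause of the GET branch below, so coerce them to
// non-negative integers instead of passing the raw request strings through.
// start: missing or non-numeric reads as 0 (first row).
// limit: missing, 0 or negative falls back to the default page size of 30.
$start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;
$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 0;
if ($limit <= 0) {
    $limit = 30;
}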
switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET':
        $mitos_db->setSQL("SELECT *\n\t\t\t\t             FROM users\n\t\t\t\t            WHERE users.authorized = 1 OR users.username != ''\n        \t\t         ORDER BY username\n        \t\t            LIMIT {$start},{$limit}");
        $total = $mitos_db->rowCount();
        $rows = array();
        foreach ($mitos_db->execStatement(PDO::FETCH_ASSOC) as $row) {
            $row['password'] = $aes->decrypt($row['password']);
            $row['pwd_history1'] = $aes->decrypt($row['pwd_history1']);
            $row['pwd_history2'] = $aes->decrypt($row['pwd_history2']);
            $row['fullname'] = fullname($row['fname'], $row['mname'], $row['lname']);
            $user_id = $row['id'];
            $mitos_db->setSQL("SELECT role_id FROM acl_user_roles WHERE user_id = {$user_id} ");
            $rec = $mitos_db->fetch();
            $row['role_id'] = $rec['role_id'];
            array_push($rows, $row);
        }
        print_r(json_encode(array('totals' => $total, 'row' => $rows)));
        exit;
    case 'POST':
        $role['role_id'] = $data['role_id'];
        unset($data['id'], $data['role_id'], $data['fullname']);
        $data['password'] = $aes->encrypt($data['password']);
        $data['authorized'] = $data['authorized'] == 'on' ? 1 : 0;
        $data['active'] = $data['active'] == 'on' ? 1 : 0;
        $data['calendar'] = $data['calendar'] == 'on' ? 1 : 0;
        if ($data['taxonomy'] == "") {
            unset($data['taxonomy']);
        }